Busting the Top 5 Myths of Cloud-Based Authentication

The cloud is on its way to joining the list of truly revolutionary innovations by combining technology with new business approaches that can bring significant benefits to your organization. The benefits of cloud - agility, flexibility and cost savings – also extend to strong authentication. Thousands of organizations recognize this and are already making the big switch over to cloud based authentication. In fact, analysts predict that more than 50% of enterprises will choose cloud-based services as the delivery option for new or refreshed user authentication implementations within the next few years.

However, as with many ground-breaking innovations, this trend has also brought about some common myths.

During this live webinar you will hear Jason Hart, VP Cloud Solutions de-mystify the top 5 most common myths about migrating to cloud-based authentication:
• SECURITY: Cloud-based authentication isn’t as secure as server-based authentication
• CONTROL: It is complex to set up, and hard to implement
• AUTOMATION: Difficult and time-consuming to re-provision existing users, and enrol new users
• CHOICE: Only one token choice per user, and can’t use existing authentication tokens during the migration
•TCO: hidden service & maintenance costs and high upfront infrastructure costs

Join your fellow security professionals to understand the business and technology benefits of cloud-based authentication

Is there a way to centrally manage access to Microsoft Applications AND third party cloud apps? The answer is ‘Yes!’ To reduce implementation and ongoing administration complexity, organizations are looking to vendor-agnostic solutions to resolve their critical cloud access quandaries—including the need to maintain security, compliance and user convenience across their hybrid Microsoft and 3rd party cloud estates. Thanks to standards-based technology, hybrid Microsoft and non-Microsoft cloud environments can be managed centrally, so that you can benefit from:
•Single pane management of cloud applications
•Flexible scenario-based access policies
•Lower identity administration overheads
•Reduced total cost of operation

Join us for a new webinar in our series focused on helping companies prepare for the upcoming global government regulations, like European General Data Protection Regulation (GDPR). Data sovereignty, especially for cloud-first companies, is becoming an important part of any security strategy as these data breach regulations go into effect next year. Being able to demonstrate best efforts to protect the privacy of an individual’s data will be a requirement and non-compliance will have hefty monetary ramifications.

This webinar will walk attendees through what Gemalto has already done and is doing to prepare for data privacy regulations from product management to sales operations and more. Our Director of Global Data Privacy, Jean-Pierre Mistral, will share how and what we have done, takeaways and timelines and Alex Hanway, Product Marketing, will cover the different technologies companies can use to mitigate the risk of non-compliance and what this means for business operations globally.

Join us to hear more about:
•What is GDPR?
•Case Study: A look at how Gemalto has prepared for GDPR
•The implications for local businesses and technologies that can help mitigate risk around complying with data privacy regulations

Join us for part two of our webinar series focused on helping companies prepare for the upcoming Australian Privacy Act and global government regulations, like European General Data Protection Regulation (GDPR).
Data sovereignty, especially for cloud first companies, is becoming an important part of any security strategy as these data breach regulations go into effect next year. Being able to demonstrate best efforts to protect the privacy of an individual’s data will be a requirement and non-compliance will have hefty monetary ramifications.

This follow up webinar will walk attendees through what Gemalto has already done and is doing to prepare for data privacy regulations from product management to sales operations and more. Our legal counsel for global data privacy, Jean-Pierre Mistral, will share how and what we have done, takeaways and timelines and Graeme Pyper, Regional Director for New Zealand and Australia, will cover the different technologies companies can use to mitigate the risk of non-compliance and what this means for business operations globally.

Join us to hear more about:
•The Mandatory Data Breaches scheme
•Case Study: A look at how Gemalto is preparing for Australia’s NDB & GDPR
•The implications for local businesses and technologies that can help mitigate risk around complying with data privacy regulations

Cybersecurity is at a crossroads and requires a dramatic shift to adequately support the needs of business owners and security administrators as digital transformation challenges their needs and investments. Managing multiple cloud providers and dramatic increases in the number of endpoints generating data and the subsequent volume of data means enterprise security teams no longer have the requisite skills and bandwidth to deal with complicated security products. Building in security from the beginning quickly and cost-effectively is an industry game changer, especially with new growth markets like Big Data, Blockchain, Cloud Computing, Internet of Things and Digital Payments.

Multi-cloud environments and government regulations and industry compliance add to the complexity of maintaining a manageable and effective data protection strategy. Transforming encryption and key management (data protection in general) into a click and deploy model reduces internal business barriers between security teams, DevOps and product teams and alleviates disparate security policies, so you know where your data is and that it is secure. The way people consume security is changing by taking an on-demand approach similar to the Netflix philosophy. In this webinar, we will discuss how cloud-based security is simplifying workflow processes, changing cost/benefit models to drive us towards a pervasiveness of encryption and key management that will de-risk data and connectivity in similar ways to anti-virus and firewalls.

Join this interactive presentation to learn about:
• The role of security in today's connected world
• The drivers for and impact of simplifying security on business and workflow
• How security is providing valuable business intelligence through connected systems and meeting compliance mandates
• Gemalto’s solution to solving on-demand data protection
• Upcoming cybersecurity trends and how to prepare

The deadline to comply with Payment Card Industry Data Security Standard (PCI DSS) 3.2 is quickly approaching, leaving many businesses scrambling to understand and meet compliance requirements. Join us for an hour and learn more about the mandate and how you can prepare and be ready by February 2018.
This webinar will discuss and provide helpful information on the upcoming mandate including:
•Overview of PCI DSS 3.2
•What is new in PCI DSS 3.2 and what that means for your business
•Comprehensive solutions that will help you ensure compliance
•Mapping solutions to the needs of your department
Please visit our BrightTalk channel to register for the webinar.

According to Gartner, by 2021, IDaaS will be the majority access management delivery model for new purchases of access management solutions, up from less than 20% today. High maintenance costs and operational overheads as well as a shortage of skilled professionals are turning organizations to the cloud in an effort to outsource commodity IT services such as storage, content delivery, multi-factor authentication, cloud SSO and access management.
As some organizations hesitate to change the status quo of their access management and MFA infrastructure, others have already managed to migrate their users and resources to realize significant savings and better utilize their existing budgets.

In this webinar you’ll learn how to:
•Reap cloud efficiencies from as-a-service delivery of a cloud single sign-on solution
•Maintain your current investments while migrating to cloud-based access management
•Leverage automation to drastically lower day-to-day operational overheads
•Start global and go granular as you set up access management and cloud SSO policies
•Accommodate diverse user groups such as administrators, partners, C-suites and mobile users

Eric Hanselman, Chief Analyst at 451 Research and Michael Gardiner, Security Lead for CTO office, Gemalto

The cloud provides organizations with elasticity and speed and by 2018 60% of an enterprises’ workloads will run in the cloud says 451 Research. The amount of business operations running in the cloud means organizations have more cloud computing service providers, with a typical enterprise having roughly six. This requires companies to develop and implement a multi-cloud strategy, especially when it comes to security. But each CSP has its own security offerings and integrations sometimes making the process confusing and complex. Even prior to the cloud, encryption and key management have presented challenges for many organizations, but with encryption becoming ubiquitous – a strong key management strategy is key. This is especially important with industry mandates and government regulations like European General Data Protection Regulation (GDPR) and U.S state data breach disclosure laws.

In this joint webinar with 451 Research, we will cover topics including:

-Building a multi-cloud security strategy for encryption and key management
-Best practices, benefits and pitfalls of managing your own security
-Impact of regulations on data protection in the next few years
-Understanding the different CSP requirements for key management:
oCustomer-Supplied Encryption Key (CSEK)
oBring Your Own Key (BYOK)
oHold Your own Key (HYOK)
oGeneral cloud service provider key management services overview

With sensitive data residing everywhere, organizations becoming more mobile, and the breach epidemic growing, the need for advanced identity and data protection solutions has become even more critical.
This session will discuss Identity and Data Protection solutions for enterprise security, organizations can take a data-centric approach to their security posture, all while controlling access to the infrastructure and applications they rely upon — both on-premises, and in public and private clouds.

With the deadline for DFARS (Defense Federal Acquisition Regulation Supplement) quickly approaching, many business are scrambling to meeting compliance requirements. An important part of DFARS addresses the need for strong, two-factor authentication, as well as physical access controls to organizational information systems, equipment, and the respective operating environments to authorized individuals.
Are you prepared? If you’re like many other government contractors and subcontractors, a little advice may be needed to navigate the waters of physical and user access controls.
Gemalto’s Identity and Protection expert, Eric Avigdor, will be present and informative look at DFARS and what options are available to ensure compliance. What Eric will discuss:
•Overview of DFARS mandate
•Use cases – our experience from the field
•Comprehensive solutions that meet the multi-factor authentication and physical access controls required by the DFARS mandate
•Mapping solutions to the needs of your department

Blockchain technology is popping up everywhere from the currency market to smart contracts. The growth in the technology is evident from the investments being made, for example, PwC estimated that in the last nine last nine months of 2016, $1.4 billion had been invested globally in blockchain startups. This stems from its potential to enable efficiencies and cost-saving opportunities based on moving to a decentralized approach and away from the current centralized systems. With all the hype around blockchain, companies need to cut through the hype and ask the question - when does blockchain actually make business sense?

Blockchain is not a silver bullet and cannot solve every problem. There is also the added complexity of managing the security of many distributed nodes can only be justified by gaining business benefits from using blockchain. In this webinar, we will look at a business qualifying approach to blockchain to help you evaluate valid blockchain use cases and identify the security needs surrounding blockchain operations. Join us to learn more on:
•Securing blockchain from the edge to the core
•The operational benefits and pitfalls of blockchain technology
•Our 4 step qualification process for blockchain business opportunities:
1.Is there an established business process?
2.Are there more 3 parties involved – i.e. is it a distributed problem?
3.Is it important that the data being exchanged is trusted and considered to be factually accurate?
4.Would automation improve the performance of the process?

Law enforcement and defense organizations need secure access to sensitive data, and to provide services and to collaborate with others, while protecting the public, and any confidential information. Faced with these challenges, meeting compliance regulations such as Criminal Justice Information Services Security Policy (CJIS-SP) , is a priority for most organizations, especially as audits draw near.
Did you know that the Criminal Justice Information Services Security Policy (CJIS-SP) requires that data be encrypted when it is transmitted outside a secure facility, even within the same agency
“When CJI is transmitted outside the boundary of the physically secure location, the data shall be immediately protected via cryptographic mechanisms (encryption)”

Join us for an informative webinar where you will learn how to secure your data in transit as it moves across your internal and external network, to help ensure compliance with the FBI mandate.
Attendee takeaways:
•Overview of CJIS-SP mandate
Network vulnerabilities and how Ethernet encryption can help secure data in motion
•Use cases – hear how various agencies have successfully deployed network encryption to secure their data and meet audit requirements
•Mapping solutions to the needs of your organization

For more information on dealing with multi-factor authentication in the CJIS audit, check our part one in the series: https://www.brighttalk.com/webcast/2037/258091

Data breaches in 2016 got even more personal with big hacks of adult entertainment sites and social media databases. Hackers mined these for gold, in other words, valuable data to create social engineering attacks, ransom operations and identity theft. According to Gemalto’s Breach Level Index, the number of stolen, compromised or lost records increase by 86% in 2016, while the number of breaches decreased by 4%. Hackers are going after more data than ever before, and they are finding it in large databases that are left relatively insecure.

Whether consciously or not, hackers have grasped the idea of situational awareness. They have figured out how to exploit these golden opportunities by keeping a pulse on what is going on. It seems too simple to be true, but it goes back to the age-old principle of information is power. Getting the information comes from being aware of one’s surroundings. To become situationally aware, companies need to change their mindset- building a walled garden isn’t an option anymore. During the webinar, we will look at the major data breach trends and findings from 2016 and discuss how this information can help develop your situational awareness. Join us as we cover topics like:

-What we can learn from Jason Bourne about knowing one’s surroundings
-What we can learn from hackers to better protect valuable data
-What we as security professionals can do by going back to the basics of accountability, integrity, auditability, availability and confidentiality
-How to change our mindset in a new era of a hacker driven gold rush

For businesses and consumers the Internet of Things (IoT) is about the value of data, whether it’s for better decision making, for navigation to future goals or immediate maneuvering. The value of the data will vary based on numerous factors like its perceived value, intrinsic value, monetary value, etc. and may change over time. Being able to identify the value of data will help businesses better understand the associated risks and thereby the necessary security.

According to Gartner, worldwide spending on IoT security will reach $348 million in 2016, a 23.7% increase from 2015 spending of $281.5 million. Companies need to understand and evaluate the business impact of data to determine its value and consequently the appropriate security. Following our introductory webinar “Steeping out the Hype,” the next in our series on IoT security will focus on the building an IoT security blueprint based on the estimated value of the data. The calculation will not always be linked to a monetary value but also the data’s impact if breached on brand recognition and stock price or data used to make strategic decisions, competitive information and/or intellectual property.

Join us for a webinar to learn more about evaluating the value of your data and building an IoT security strategy to match the eight point business journey. Attendees will have a better understanding of the:
-Eight point business journey and its connection to securing the data
-Factors impacting the value of the data, the IoT personas outlook on each type of data and using them to calculate estimates and risk assessment to understand the cost of a breach
-Messages to educate management and business leaders on the investment needed to support a secure IoT
-A blueprint for building an IoT security strategy

With the advent of massively powerful quantum computers, much of today's encryption will be vulnerable. Preparing for the inevitability of quantum should be an integral part of current risk management strategy. Gemalto is teaming up with ID Quantique, a leader in quantum security, to help security professionals understand quantum-safe cryptography and the impact it will have on enterprise security. Find out how you can create a quantum-safe environment for voice, video, virtualization and mass data today, securing these assets from even the most advanced cybercriminals and their super-computers.

Join Gemalto and ID Quantique for a joint webinar to learn more about:
•What is quantum computing and how it affects security
•Quantum cryptography in action
•Examples of quantum cryptography in the enterprise and government space
•Quantum-safe solutions at a glance
•Future developments of quantum cryptography

Half of businesses admit security is their biggest concern to increasing user mobility. Securing enterprise mobility has been an ongoing and arduous topic for IT security professionals. Maintaining high-assurance security, while offering access to company resources to an on-the-go workforce has become a balancing act. So much so, a third of businesses actually prevent employee access to company resources via mobile. This is likely not a long term or sustainable solution to the problem.

So how do you find a compromise that won’t kill your security strategy? There are currently many technologies from derived credentials to mobile PKI. IT professionals are feeling the pressure to find a viable, user friendly, easy-to-deploy and secure options. In this webinar, we will discuss the current solutions in-depth and how they impact your current IT security policies. Attendees will learn more about:
-Software-based security versus hardware-based security
-How this impacts your back-end systems
-Technology such as derived credentials and mobile PKI
-Implementing a mobile PKI solution

Did you know if your organization receives criminal history information as part of licensing or a background checks, you are required to comply with the FBI CJIS Security Policy (CSP)? State agencies are also authorized to conduct formal audits to make sure compliance is met.
Compliance is just one benefit. Advanced authentication is also required when remotely accessing the FBI’s CJIS repository. Putting in place this technology helps law enforcement in the field have secure and timely access to important information when they need it.

Join us for an informative webinar where you will learn the basics to secure your devices, networks and users and become compliant with the FBI mandate.
Key attendee takeaways:
•Overview of CJIS mandate and Advanced Authentication
•Use case – our experience from the field
•Comprehensive solutions that meet the stringent requirements of the CJIS mandate
•Mapping solutions to the needs of your department

Cloud apps are being pulled into the enterprise hand-over-fist, with 93% of organizations using cloud-based IT services. But the efficiencies and convenience offered by cloud apps come at a price. While organizations have long been applying two-factor authentication to their network, VPN and email portals, they have failed to extend that same level of security to cloud-based applications, such as Office 365, AWS and Salesforce.

But the need for stronger cloud access security is only part of the story. Businesses looking to scale and increase their cloud adoption find there are other issues to contend with. Visibility into cloud access events and regulatory compliance become challenging to maintain. Helpdesk staff are burdened with password resets, and the most important link in the chain—users—are plagued with password fatigue.

Public Key Infrastructure (PKI) is a well-known security protocol used by some of the world’s largest governments and top enterprises, but it’s a technology that also affords many possibilities in new and growing industries. Even small to medium sized businesses can greatly benefit from PKI. However, PKI is also often mistakenly perceived as being difficult to deploy. Gemalto is addressing this common misconception. The next webinar in our PKI series, DIY PKI, will walk attendees through the entire process of setting up a PKI environment and how to manage it. We have developed a five step process to make it easy for security professionals to get their PKI system up and running with minimal time spent. The five step implementation method will give you an idea of how to set up a two tier Microsoft PKI infrastructure with Gemalto SafeNet Authentication Manager and SafeNet Luna HSM to perform smart card log on for small to medium sized enterprises.

Step by step implementation steps
oInstall and configure a Hardware Security Module (HSM)
oInstall the root CA and configure it with the HSM
oInstall and configure the issuing CA
oConfigure the permissions of users and create certificate templates
oInstall and configure an authentication manager

For the purpose of this webinar and using Gemalto’s five step propriety approach, we will use our SafeNet line of technologies to demonstrate the implementation of the PKI solution.

A familiar buzz word over the past few years has been the Internet of Things (IoT). We have all heard the talk about it being the next big thing, its massive growth potential and the benefits to everyone. The IoT will generate more data, connect more devices and enable more users, and somehow these interactions will be safe and secure.

We take a pragmatic view of IoT, cutting through the hype to uncover the core objective. Furthermore, we take a persona based approach to IoT security, and have identified four main ones: cloud service providers, consumers, device makers and third-party service providers. Each persona faces the obstacle of securing different parts of the ecosystem whether its access, the device, data and/or the user. However, it is necessary that security is provided holistically, as the weakest security link in the chain could compromise it all. In addition to security, the personas are used to demonstrate the ‘Stages of IoT’ from the digital identity of physical products to actualization of new business opportunities. No matter what persona in the IoT ecosystem you are (or are not), the webinar cuts through the hype to understand the real business opportunities and share with attendees the technology tool box (predictive analytics, security, connectivity, data collection and business intelligence) to create and improve services and leverage the generated data internally and externally.

Join us for the webinar, “IoT Security Over Tea: Steeping out the Hype”, to learn more about:
•A grounded perspective on IoT
•Why IoT security matters for everyone
•The persona analysis of IoT security
•Key considerations as it begins to take off
•How to protect what matters most to you

SafeNet is the only company trusted to protect the world’s most sensitive commercial and government assets. We do this through solutions that persistently protect throughout the information lifecycle and evolve to support changing business and market requirements without disruption.